Everyday stolen data is sold on the dark web. Information that ranges from social security numbers, driver’s licenses and even diplomas sell for a range of prices according to Experian credit monitoring. As reported by Quartz, one method that hackers or online thieves will employ is to buy huge amounts of the previously mentioned stolen data, like emails addresses, and use them to try to log into online retailers websites posing as actual customers. If the hackers are able to correctly log into a retailer’s website they will purchase anything of value from airline points to expensive cheese.
Since only a very small portion of the thousands of emails stolen may be connected to the online retail accounts, the hackers must employ sophisticated software to break into the accounts. Once hackers have purchased the stolen information, they will employ “credential stuffing” attacks where they use software programs to apply the stolen information in a flood of login attempts. With the continuous reports of data breaches, criminals have plenty of data to use in these attempts; so much so that 90% of all e-commerce login attempts globally are from credential stuffing attacks. These attacks are successful about 3% of the time and cost the e-commerce industry about $6 billion a year.
E-commerce websites are not the only industry that is targeted by these credential stuffing attacks. The share of fraudulent login attempts for the airline industry is at about 60% and 44% for the hotel industry. These credential attacks cost the hotel and airline industry a combined $700 billion a year. The banking industry is targeted millions of times a day by credential stuffing attacks costing the industry 1.7 billion annually.
If you’re a business owner, you’re in a unique position because you can both become a victim of identity theft which could impact you and your business financially and you may have sensitive customer data that hackers are after. Therefore, you need to safeguard you and your customer's data by taking protective steps like changing passwords often, using 2 step verification to login into your account, and use a secure payment gateway on your online store so that you're never directly in possession of customers vulnerable data. These are just a few steps that can be taken to help safeguard customers but in this continuous battle against hackers and identify thieves it is important to stay up to date in the latest methods they care using to try to take advantage of weaknesses in security .